SecAppDev Studio Day

The SecAppDev Studio Day is a unique event where we record selected lectures from the SecAppDev course in a TED-talk style setup. This professional recording environment includes high-quality audio and video capture, and may feature occasional shots of the audience to enhance the viewing experience.

Each lecture will be followed by a Q&A session, providing attendees the opportunity to interact with the speakers, ask questions, and delve deeper into the topics discussed. This format ensures that both the live audience and future viewers can benefit from the expertise shared during the sessions.

Studio Day Lectures

We have selected the following SecAppDev 2026 lectures to be recorded at the Studio Day.

An Updated Security Model of the Web

Deep-dive lecture by Philippe De Ryck

Web security is messy, complicated, and under constant evolution. Often, you even start wondering why certain issues cannot be solved by the browser directly.

In this session, we investigate the security model of the web. We learn how browsers think about security, and how we can leverage that to build more secure applications. We explicitly focus on new browser features and how they can be used. Examples include the sanitization API, new cookie prefixes, as well as features focusing on script integrity. This session will give you an up-to-date understanding of browser security in the modern age.

Philippe De Ryck

Security Expert, Pragmatic Web Security

Philippe De Ryck specializes in making web security accessible to developers and architects, leveraging his Ph.D. from KU Leuven to inform his comprehensive understanding of security challenges. As the founder of Pragmatic Web Security, he provides practical security training and consulting services to organizations worldwide. His online course platform offers a self-paced approach to learning about security. Philippe also actively helps shape OAuth 2.0 best practices as the co-author of the best practices for browser-based apps specification. Philippe is recognized as a Google Developer Expert, acknowledging his contributions to web application and API security. He also organizes SecAppDev, an annual week-long application security course in Belgium.

AI Memory, Mapped

Deep-dive lecture by Natalie Isak

Persistent memory transforms AI systems from stateless tools into context-aware systems, but it also introduces a class of risks. We will cover key risks including continuous exfiltration via prompt injection, delayed tool invocation, and negative psychosocial impacts. The second half focuses on building memory-safe systems by design: threat modeling memory, observability strategies, and runtime safety monitoring at scale (including BinaryShield, a novel privacy-preserving method for sharing textual customer content to detect coordinated spray attacks).

Natalie Isak

ML Engineer, Microsoft

Natalie Isak is an AI safety engineer at Microsoft who focuses on building scalable, impactful AI systems. She graduated from Cornell University and brings experience across both research and product development. She holds multiple patents in AI safety and has published at leading peer-reviewed venues. Her current work centers on developing monitoring systems and mitigation strategies for emerging AI risks, with an emphasis on privacy-preserving and compliant approaches.

Secure by Design — Ideas and Techniques

Introductory lecture by Dan Bergh Johnsson and Daniel Deogun

Most security vulnerabilities aren't introduced by careless developers. They're made possible by design decisions that nobody flagged as security decisions at the time.

This session introduces Secure by Design as a way of thinking, not a checklist. We'll look at how everyday design choices — how you model your domain, define your types, draw your boundaries — can close down attack surfaces. The same thinking that makes code correct and maintainable tends to make it secure. Security becomes a property that emerges from good design rather than a layer bolted on afterwards.

Dan Bergh Johnsson

AI Head, Omegapoint

Dan Bergh Johnsson works at the intersection of software architecture, security, and large-scale system design. He has decades of experience designing and reviewing complex systems where security, stability, and delivery speed are in constant tension. Dan is co-author of Secure by Design (Manning) and a frequent international conference speaker. His talks focus on how architectural and design choices — increasingly involving AI — shape long-term security, system behavior, and organizational responsibility. He is particularly interested in what gets lost when productivity increases faster than system understanding.

Daniel Deogun

CTO, Omegapoint

Daniel Deogun is a cybersecurity specialist at Omegapoint in Stockholm, Sweden. He is an author of the book Secure by Design and a strong advocate of using craftsmanship as a driver for software security. Throughout his career, Daniel has worked in a wide range of domains – from patient-critical software in life-sustaining systems to large-scale enterprise applications in the cloud. Combining this with his passion for tech has made him a frequent speaker at conferences all over the world. Daniel is currently Chief Technology & Academy Officer at Omegapoint.

SBOMs and their Role in Security

Deep-dive lecture by Alexios Zavras

A practical deep dive into Software Bills of Materials (SBOMs): what they are, what they are not, and how they fit into modern software security. We will cover common data models and formats, how SBOMs are produced and consumed, and how they enable better visibility and faster decision-making across the software lifecycle. Interactive participation is particularly encouraged.

Alexios Zavras

Chief Open Source Compliance Officer, Intel Corp.

Alexios Zavras is the Chief Open Source Compliance Officer of Intel Corp. He has been involved with Free and Open Source Software since 1983 and is an evangelist for all things Open. Besides his duties at Intel, he is an active participant in a number of industry-wide efforts around compliance issues, like SPDX and OpenChain. He has been organizing the SBOM devroom at FOSDEM since 2023. He has presented at a number of national and international conferences, including FOSDEM, SFSCON, Linux Foundation events like Open Source Leadership Summit and Open Source Summit, CopyleftConf, academic conferences, etc. He has a PhD in Computer Science after having studied Electrical Engineering and Computer Science in Greece and the United States.

Studio Day Schedule

Below is the detailed schedule for the SecAppDev Studio Day. The day features four lectures, two coffee breaks, and a catered 2-course lunch. Please note that attendees are expected to attend the entire day.

08:30 - 09:00

Registration and welcome coffee

09:00 - 10:30

Studio Day Lecture

10:30 - 11:00

Coffee break

11:00 - 12:30

Studio Day Lecture

12:30 - 14:00

Catered Lunch

14:00 - 15:30

Studio Day Lecture

15:30 - 16:00

Coffee break

16:00 - 17:30

Studio Day Lecture

Registration

Registration is available by invitation only. You can sign up using the link you have received in your personal invitation.

Registration for the SecAppDev Studio Day is free of charge. However, hosting this event involves considerable resources, so we appreciate your commitment to attending once you register. If for any reason you are unable to attend, please cancel your registration in advance to allow someone else the opportunity to participate.

By registering, you agree to be part of the recorded audience, which helps us create engaging and dynamic content for future viewers. Your cooperation and enthusiasm are key to making this event a success.

Venue and Practicalities

The event will be held at the Faculty Club, in room "Heilige Geesttafel". Please note that this event is separate from the main SecAppDev course.

Address

Faculty Club
Groot Begijnhof 14
3000 Leuven
Belgium

Vehicle access

The Faculty Club's driveway is situated on the Leuven ring road, just off the E40/E314. Parking facilities are available on site.

Public transport

Leuven is a small town with an extensive bus network. The bus station is attached to the train station. Bus number 600 approaches the site via the ring road. Bus numbers 1 and 2 run via the city center and stop a few hundred meters from the Faculty Club.

Contact

For questions, help, or feedback, you can reach us at philippe@secappdev.org.